Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages and monitor any other activities its citizens performed, even if the connections were protected with SSL Secure Sockets Layer encryption.

Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages, and monitor any other activities its citizens performed, even if Web browsers show that the connections were securely protected with SSL encryption.

But what if instead of merely eavesdropping, the malicious party actually interferes with the connection, placing itself between the client and the server, intercepting everything sent between the two, known as a man-in-the-middle MITM attack .

Also noteworthy is a new feature called Extended Protection for Authentication, which prevents many sophisticated man-in-the-middle attacks that can strike at some of our most trusted security protocols (such as SSL and TLS).

It wouldn't be very difficult for a malicious coder to tweak a "man-in-the-middle" banking program and get it to start inserting extra fields into a legitonline tax form, or to crackinto a legit tax transaction andbegin redirecting cash transfers.